n-able CVE Vulnerabilities & Metrics

Focus on n-able vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About n-able Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with n-able. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total n-able CVEs: 5
Earliest CVE date: 04 Aug 2023, 00:15 UTC
Latest CVE date: 01 Jul 2024, 21:15 UTC

Latest CVE reference: CVE-2024-28200

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -75.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -75.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical n-able CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS n-able CVEs

These are the five CVEs with the highest CVSS scores for n-able, sorted by severity first and recency.

CVE-2024-28200 n-able Published on 01 Jul 2024, 21:15 UTC (CVSS: 0)
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
CVE-2023-47132 n-able Published on 08 Feb 2024, 23:15 UTC (CVSS: 0)
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVE-2023-47131 n-able Published on 08 Feb 2024, 23:15 UTC (CVSS: 0)
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.
CVE-2023-27470 n-able Published on 11 Sep 2023, 15:15 UTC (CVSS: 0)
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
CVE-2023-30297 n-able Published on 04 Aug 2023, 00:15 UTC (CVSS: 0)
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.

All CVEs for n-able

CVE-2024-28200 n-able vulnerability CVSS: 0 01 Jul 2024, 21:15 UTC

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

CVE-2023-47132 n-able vulnerability CVSS: 0 08 Feb 2024, 23:15 UTC

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

CVE-2023-47131 n-able vulnerability CVSS: 0 08 Feb 2024, 23:15 UTC

The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.

CVE-2023-27470 n-able vulnerability CVSS: 0 11 Sep 2023, 15:15 UTC

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.

CVE-2023-30297 n-able vulnerability CVSS: 0 04 Aug 2023, 00:15 UTC

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.